Contrast OSS identifies open-source components through multiple sources of discovery: runtime analysis, file system scanning and dependency analysis. Using these techniques, Contrast OSS reports an inventory of the components it finds to Contrast.

Once a library is reported to Contrast, you can access:

  • Library usage analysis to identify whether vulnerable components are actually used by the application

  • Library version identification and guidance on the latest version

  • Comprehensive vulnerability coverage

  • Portfolio-wide, real-time reporting of open-source components

To simplify the process and combine open-source analysis with custom-code analysis, Contrast OSS is integrated directly into the Contrast platform.

Open-source license management

Contrast OSS provides license data tied to each open-source component so you can understand and mitigate intellectual-property compliance and operational risk. Contrast OSS lets you set policies that blocklist open-source licenses; an alert is raised whenever a component with a blocklisted license type is deployed in one of your applications.

Open-source policy

In addition to license compliance policy, security policies can be set and enforced centrally through Contrast. A policy can blocklist specific libraries and require minimum versions.
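To make the license and library policies above concrete, here is an added, illustrative policy evaluator written for this page; it is not Contrast's policy engine, and its inventory, policy fields and rule names (`denied-license`, `blocked-library`, `below-minimum-version`) are assumptions constructed for the example, not Contrast's format. It also carries the "is this library actually used" signal from the usage analysis described earlier so that findings on libraries the application really loads sort first:

```python
"""Illustrative open-source policy check over a component inventory.

Added example for this page: NOT Contrast's policy engine or policy
format. The inventory, policy and rule names are constructed here.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str
    used: bool  # True if usage analysis saw the library actually loaded/called


@dataclass(frozen=True)
class Policy:
    denied_licenses: frozenset
    blocked_libraries: frozenset
    min_versions: dict  # library name -> minimum allowed version (assumed format)


@dataclass(frozen=True)
class Finding:
    name: str
    version: str
    rule: str
    detail: str
    in_use: bool


def parse_version(v: str) -> tuple:
    """Turn '1.2.5-beta' into (1, 2, 5) for ordering.

    Assumption: semantic-version-like strings; pre-release/build tails are
    dropped and missing parts padded with 0 so '1.2' == '1.2.0'.
    """
    core = re.split(r"[-+]", v, maxsplit=1)[0]
    parts = [int(p) if p.isdigit() else 0 for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def evaluate(inventory, policy: Policy):
    """Return every policy violation, in-use libraries first."""
    findings = []
    for c in inventory:
        if c.license in policy.denied_licenses:
            findings.append(Finding(c.name, c.version, "denied-license", c.license, c.used))
        if c.name in policy.blocked_libraries:
            findings.append(Finding(c.name, c.version, "blocked-library", "", c.used))
        floor = policy.min_versions.get(c.name)
        if floor is not None and parse_version(c.version) < parse_version(floor):
            findings.append(Finding(c.name, c.version, "below-minimum-version", floor, c.used))
    # Libraries the application actually exercises are the ones to fix first.
    findings.sort(key=lambda f: (not f.in_use, f.name, f.rule))
    return findings


# Constructed sample data (names, versions and licenses are invented).
SAMPLE_INVENTORY = [
    Component("fastjson-lite", "1.2.0", "Apache-2.0", used=True),
    Component("legacy-md5", "0.9.1", "MIT", used=False),
    Component("chart-widget", "3.0.0", "AGPL-3.0", used=True),
    Component("clean-lib", "2.1.0", "MIT", used=True),
]

SAMPLE_POLICY = Policy(
    denied_licenses=frozenset({"AGPL-3.0", "SSPL-1.0"}),
    blocked_libraries=frozenset({"legacy-md5"}),
    min_versions={"fastjson-lite": "1.2.5"},
)

if __name__ == "__main__":
    for f in evaluate(SAMPLE_INVENTORY, SAMPLE_POLICY):
        flag = "IN USE" if f.in_use else "unused"
        print(f"[{flag}] {f.name}@{f.version}: {f.rule} {f.detail}".rstrip())
```

Running it lists three violations, with the two in-use libraries ahead of the unused blocked one; the clean component produces nothing. Version comparison is the part worth getting right in any such check: a naive string compare would rank "1.10.0" below "1.2.5".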

CLI and dependency tree

The Contrast command line interface (CLI) lets you analyze source code at the earliest stages of development. The data collected by the Contrast CLI is used to display a dependency tree, showing the transitive library dependencies beneath the ones you declare directly.